Methods for detection of content servers and caching popular content therein

ABSTRACT

A method for identification of popular content provided over a first portion of a network to a second portion of a network in the form of packets containing, the method comprises identifying a source of content in the first portion of a network. Deep-packet-inspection (DPI) is performed to determine if content in each packet related to the content is to be stored in a storage that is in a path between the content source and at least a user node in the second portion of the network. The content is stored. A request is received from the user node for a requested content. It is determined if the requested content or portions of the requested content is in the storage. if the requested content or portions of the requested content is missing in the storage, a request is sent to the content source for the requested content or missing portions of the requested content.

The present application is a continuation of concurrently filed co-pending patent application entitled “A System for Detection of Content Servers and Caching Popular Content Therein”, and further claims priority from priority from U.S. provisional patent application 61/375,836, entitled “A System for Detection of Content Servers and Caching Popular Content Therein”, filed on 22 Aug. 2010, and U.S. provisional patent application 61/375,838, entitled “Methods for Detection of Content Servers and Caching Popular Content Therein”, filed on 22 Aug. 2010, both assigned to common assignee and hereby incorporated by reference for all that they contain.

TECHNICAL FIELD

The invention generally relates to classification of packets transmitted in a network and more specifically to the determination of content to be stored in storage located along the network based on the type of data transferred in the packet.

BACKGROUND

Service providers worldwide are facing a mounting problem of flattening revenues coupled with increasing costs brought forth by increasing usage of bandwidth, growing churn, subscriber saturation and competitive price pressures. These mobile and broadband providers are facing challenges in delivering new revenue generating services while seeing their (over the top) OTT counterparts reaping rewards with content delivered over the networks they built and maintained over the years.

The vast majority of these OTT services are delivered over hypertext transfer protocol (HTTP), the de-facto protocol for application development and delivery. Be it video, social networking, search, or advertising, over fixed line as well as mobile applications, it is most likely running on top of HTTP. However, this protocol is also the most processing intensive protocol for network devices. Hence practically any increase in usage results in increase the pressure on the service providers.

Certainly one way to control traffic on the Internet requires various levels of understanding of the traffic that flows through the network which is also increasing in its level of sophistication. Various systems and solutions have been offered to enable deep-packet-inspection (DPI) to enable an ever sophisticated ability to shape the traffic on the network. This ability allows the service providers to better manage the network and its related resources, provide a higher level of quality of service (QoS) in the hopes to increase revenues and profits. However, the rapid increase in the delivery of heavy bandwidth consuming data, such as video, and consumption thereof, requires a new level of handling that is not available today in prior art solutions. A known problem is the access of a user node to a content source and subsequently the access by another user node to the same content, resulting in additional load on the content provider and on the entire network. When, for example, popular video clips are accessed there is a significant and noticeable degradation of the network performance that may even lead to a network failure. Some prior art solutions attempt to store all the data in caches, however, with the huge amounts of data and the need to inspect each and every packet, regardless of its source, makes this a daunting and impractical task.

It would be advantageous to provide service providers with a solution that will enable them to effectively manage and control the delivery of heavy bandwidth consuming data such that the overall bandwidth requirements are loaded and better shared across the network in general, and in particular within the network of a specific service provider.

SUMMARY

To realize some of the advantages described above, there is provided a method for identification of popular content provided over a first portion of a network to a second portion of a network in the form of packets containing, the method comprises identifying a source of content in the first portion of a network. Deep-packet-inspection (DPI) is performed to determine if content in each packet related to the content is to be stored in a storage that is in a path between the content source and at least a user node in the second portion of the network. The content is stored. A request is received from the user node for a requested content. It is determined if the requested content or portions of the requested content is in the storage. if the requested content or portions of the requested content is missing in the storage, a request is sent to the content source for the requested content or missing portions of the requested content.

Specifically, the content is stored in the storage based on at least popularity of the content.

More specifically, the technique includes determination of the at least a content source as a source from which content is to be saved in the storage.

More specifically, the determination of the at least a content source is based on the popularity of access to the content in the at least a content source.

More specifically, the DPI is performed on a predefined portion of packets flows from packet traffic on the first portion of the network.

More specifically, the predefined portion is determined by using a hash function that accepts as an input source, addresses and destination addresses of the packet flows.

More specifically, the hash function further accepts as an input source ports and destination ports of packet flows.

More specifically, upon determination that a content source of the at least a content source contains content of interest than at least inspecting all packets of such content source.

More specifically, the content is video content.

Another aspect of the disclosed teachings is a method for delivering popular content responsive of a request by at least a user node from a storage located on a network path between the at least a user node in a second portion of the network and at least a content source in a first portion of the network, the method comprising performing deep-packet-inspection (DPI) of packets containing content delivered over the network path and storing in a storage, content determined to be popular content.

More specifically, a source of the at least a content source providing content determined to be popular content is identified as a content source for which all packets are inspected for popular content.

Another aspect of the disclosed teachings is a method comprising receiving at least a parameter regarding data type of a content. Data packets are selected for inspection from a plurality of data packets transferring over a first portion of a network. Deep-packet-inspection (DPI) is performed on the selected data packets to determine based on the at least parameter if the data packets contain content of interest. An identification counter respective of the data packets that contain content of interest is increased. A count of the identification counter is associated with a content source. DPI is performed on each packet of the plurality of data packets that comes from an identified source. Content of the inspected each packet is stored if the inspection determined that the content was a content of interest

More specifically, the selecting data packets for inspection comprises selecting one out of a predefined portion of packets of packet flows from the traffic on a network.

More specifically, determining the predefined portion comprises using a hash function that accepts as an input the source address and destination address of packets.

More specifically, a source of content is considered to be identified upon an identification count exceeding a predetermined threshold value.

More specifically, the value of the identification counter is decreased if the count did not increase for a predefined period of time.

More specifically, storing content occurs after inspection of the content of a received data packet from the second network by the DPI unit.

BRIEF DESCRIPTION OF THE DRAWINGS

The above discussed advantages of the disclosed teachings will become more apparent by describing in detail some exemplary implementations thereof with reference to the attached drawings in which:

FIG. 1 is a block diagram depicting an exemplary network system in accordance with aspects of the disclosed teachings.

FIG. 2 is a block diagram depicting an exemplary implementation of an apparatus to identify content sources and provide content from the apparatus in accordance aspects of the disclosed teachings.

FIG. 3 is an exemplary flowchart depicting the identification of a content source in accordance with aspects of the disclosed teachings.

FIG. 4 is an exemplary flowchart depicting the storage of content from identified content sources in the storage of the apparatus according to aspects of the disclosed teachings.

FIG. 5 is an exemplary flowchart describing the providing of content to a requesting node according to aspects of the disclosed teachings.

DETAILED DESCRIPTION

Techniques are used in conjunction with a ‘bump-in-the-wire’ apparatus for efficient usage of network bandwidth. Specifically, the system samples packets from a plurality of content sources and identifies those content sources providing predetermined types of data, for example, video clips. Upon identification of such content sources, any data that arrives from such a content source is subject to a deep-packet-inspection (DPI) process to positively identify the content and the need to store it in cache storage such that when a subsequent request for the same content is received there is no need to transmit the content from the content source and rather deliver it from the system's storage. This results in at least less traffic flowing in entire network, faster service, and lower operational costs.

Reference is now made to FIG. 1 where an exemplary and non-limiting block diagram 100 of a basic network system in accordance with the disclosed teachings is shown. The system depicted comprises a first portion of a network and a second portion of the network. In this example, the first portion of the network is a global network 120 and the second portion of the network is a service provider network 130. The first and the second portion of the network are coupled by a ‘bump-in-the-wire’ apparatus 110. While the network 120 and 130 are shown as detached from each other it should be noted that this is only an exemplary configuration and other configurations are possible without departing from the principles of the invention and such separation may be, for example, merely a logical separation. To the global network 120, there are connected one or more content sources (CSs), shown as CS₁ 140-1 through CS_(n) 140-n, commonly referred to as CS 140. The content sources provide content upon request, for example video clips, from the appropriate CS to a requestor. To the service provider network 130 there are connected one or more user nodes (UNs), shown as UN₁ 150-1 through UN_(m) 150-m, commonly referred to as UN 150. When a UN 150 requests content from a CS 140 it is transferred, according to the invention through a service deliver apparatus (SDA) 110, the function of which is described in more detail herein below. Generally, the SDA 110 may provide the requested content from its storage or, when such content, or portions thereof, are not in the SDA 110, then the request is forwarded to the appropriate CS 140 for the delivery of the content, and as further described below.

FIG. 2 provides an exemplary and non-limiting block diagram of the SDA 110 that identifies content sources and provides content from the apparatus in accordance with the disclosed teachings. The SDA 110 comprises a DPI unit 210, a storage 220, a content delivery unit (CDU) 230 and an input/output interface 240. According to the disclosed teachings, the DPI unit 210 has two separate tasks. The first task is to identify sources of content that potentially contain data that may be worthwhile to store in storage 220. For example, video servers may be located throughout the global network 120 and accessed by UNs 150 of the service provider network 130, randomly by UNs 150. In order to overcome the deficiencies of related art solutions the apparatus 110 is implemented differently. The DPI unit 210 is provided with data types to look for in data packets that are transmitted through the apparatus 110. Instead of inspecting each and every packet DPI unit 210 may inspect only one in a certain number of (for example, one-in-a-thousand packets) out of the entire traffic thereby significantly lowering the processing load. It should be understood that the method for selecting the sampled packets is typically not performed by using a simple counter to process one out of every predetermined number of packets. Instead the source and destination addresses from each packet are fed into a hash function, and the hash function result is compared to a configurable threshold, and the result of this comparison determines if the packet is inspected or not. In addition, it should be understood that the hash function is symmetric with respect to the source/destination addresses, such that swapping the source address and the destination address does not change the hash result. In one embodiment of the invention source/destination ports may also be used as part of the hash function operation. This is needed to guarantee that each flow comprising of multiple packets sent between a UN 150 and a CS 140 is either fully ignored or fully inspected. Upon determination that a specific CS 140 provides a desired data type, the identification of that CS 140 is stored. Any future packet received from or sent to the identified CS 140 is inspected by the DPI unit 210 and if the packet contains content that may be interesting for storage, such as video content, such content is stored in the storage 220. This kind of inspection ensures that demand for highly popular content from a popular CS 140 is likely to be quickly detected while infrequent access to a CS 140 would typically not impact the traditional operation of the system. It should be noted that identification of a CS 140 does not have to be on the first detection of data of interest and threshold levels may be used, as well as an aging mechanism so that relatively infrequently accessed CSs 140 would lose older accesses from impacting a threshold value.

While DPI unit 210 operates on the packets that arrive from CSs 140, the CDU 230 operates with respect of requests for content received from the UNs 150 of the service provider network 130. Upon receipt of such a request, the DI 210 first checks if content from the requested CS 140 actually resides in the storage 220 by first checking that the CS 140 identification is known to the apparatus 110. If that is the case then the storage 220 is checked for the possibility of delivery of the content or portions thereof. If the entire content or portions thereof are found, then these are delivered to the requesting UN 150. If the entire content is missing, or certain portions thereof are missing, then the request is forwarded to the appropriate CS 140. Storage 220 may be semiconductor media, magnetic media, or any other type of storage media appropriate for the storage of content.

Reference is now made to FIG. 3 that depicts an exemplary and non-limiting flowchart 300 depicting the identification of a content source in accordance with aspects of the disclosed teachings. In S310 there are received and/or fetched parameters relating to the data of interest in the CSs. For example, it may contain parameters pertaining to video data. In S320, packets are selected off of the network traffic, for example the global network 120. The ratio between the number of packets that pass through the network and the number inspected may be configured, so it could be one-in-a-thousand, one-in-ten-thousand, and so on and so forth. In S330, it is checked if the data in the packet corresponds to the data parameters, e.g., contains video data, and if so execution continues with S340; otherwise, execution continues with S370. In S340, the count with respect to the CS 140 that is the source of the packet is updated, for example but not by way of limitation, by incrementing the value of a counter. In S350, it is checked if the count for that CS 140 has exceeded a threshold value and if so execution continues with S360; otherwise, execution continues with S370. In one implementation, the count may also have an aging mechanism (not shown). Furthermore, different data types may have different thresholds, different count increases, and different count aging. In S360 the CS 140 is identified as a source of content eligible for storage in storage, for example, storage 220. In S370, it is checked if there are more data packets to be inspected and if so, execution continues with S320; otherwise execution terminates.

Reference is now made to FIG. 4 that depicts an exemplary and non-limiting flowchart 400 depicting the storage of content from identified CS 140 in the storage 220 of the apparatus 110 according to aspects of the disclosed teachings. In S410, a packet is received by apparatus 110. In S420, it is checked whether the received packet is from an identified CS 140 and if so execution continues with S430; otherwise execution continues with S460. In S430, the received packet is inspected by the DPI unit 210 to identify content of interest. It should be understood that this takes place as it is possible that even though the packet arrived from an identified CS 140 it does not contain content of interest and therefore there is no need to waste valuable storage space in storage 220 for that data. In S440, it is checked whether such content of interest was found and if so execution continues with S450; otherwise, execution continues with S460. In S450 the content from the received packet is stored in storage, for example, storage 220. In S460 it is checked whether more packets are received and if so execution continues with S410; otherwise, execution terminates.

Reference is now made to FIG. 5 that depicts an exemplary and non-limiting flowchart 500 describing the providing of content to a requesting UN 150 according to aspects of the disclosed teachings. In S510, the apparatus 110 receives a request for content from a UN 150. In S520, it is checked if the requested content is in an indentified CS 140 and if so execution continues with S530; otherwise, execution continues with S560. In S530, it is checked whether the content is in storage, for example storage 220, and if so execution continues with S540; otherwise, execution continues with S560. In S540 it is checked whether the entire requested content is in storage and if so execution continues from S550; otherwise, execution continues with S560. In S550, the content is delivered to the requesting UN 150. In S560, it is checked whether additional content requests exist and if so execution continues with S510; otherwise, execution terminates.

In one alternate implementation, when detecting that a portion of the requested content is in the storage 220 and deliverable to the requesting UN 150, such content is delivered immediately to the UN 150 while only the missing portions of the content is requested from the CS 140. Hence a request from the CDU 230 may be for the requested content or portions thereof. It should be further understood that in a typical implementation, once the DPI unit 210 determines that a CS 140 may contain content that should be stored in storage 220, the packets from such a CS 140 are consistently inspected for determination of popular content.

The principles of the invention are implemented as hardware, firmware, software, or any combination thereof Moreover, the software is preferably implemented as an application program tangibly embodied on a program storage unit or non-transitory computer readable medium or a non-transitory machine-readable storage medium that can be in a form of a digital circuit, an analogy circuit, a magnetic medium, or combination thereof The application program may be uploaded to, and executed by, a machine comprising any suitable architecture. Preferably, the machine is implemented on a computer platform having hardware such as one or more central processing units (“CPUs”), a memory, and input/output interfaces. The computer platform may also include an operating system and microinstruction code. The various processes and functions described herein may be either part of the microinstruction code or part of the application program, or any combination thereof, which may be executed by a CPU, whether or not such computer or processor is explicitly shown. In addition, various other peripheral units may be connected to the computer platform such as an additional data storage unit and a printing unit.

All examples and conditional language recited herein are intended for pedagogical purposes to aid the reader in understanding the principles of the invention and the concepts contributed by the inventor to furthering the art, and are to be construed as being without limitation to such specifically recited examples and conditions. Moreover, all statements herein reciting principles, aspects, and embodiments of the invention, as well as specific examples thereof, are intended to encompass both structural and functional equivalents thereof. Additionally, it is intended that such equivalents include both currently known equivalents as well as equivalents developed in the future, i.e., any elements developed that perform the same function, regardless of structure. 

What is claimed is:
 1. A method for identification of popular content provided over a first portion of a network to a second portion of a network in the form of packets containing, the method comprising: identifying a source of content in the first portion of a network; performing deep-packet-inspection (DPI) to determine if content in each packet related to the content is to be stored in a storage that is in a path between the content source and at least a user node in the second portion of the network; storing the content; receiving a request from the user node for a requested content; determining if the requested content or portions of the requested content is in the storage; sending a request to the content source for the requested content or missing portions of the requested content, if the requested content or portions of the requested content is missing in the storage.
 2. The method of claim 1, wherein the content is stored in the storage based on at least popularity of the content.
 3. The method of claim 1, further comprising determination of the at least a content source as a source from which content is to be saved in the storage.
 4. The method of claim 2, wherein the determination of the at least a content source is based on the popularity of access to the content in the at least a content source.
 5. The method of claim 1, wherein the DPI is performed on a predefined portion of packets flows from packet traffic on the first portion of the network.
 6. The method of claim 5, wherein the predefined portion is determined by using a hash function that accepts as an input source, addresses and destination addresses of the packet flows.
 7. The method of claim 6, wherein the hash function further accepts as an input source ports and destination ports of packet flows.
 8. The method of claim 5, wherein upon determination that a content source of the at least a content source contains content of interest than at least inspecting all packets of such content source.
 9. The method of claim 1, wherein the content is video content.
 10. A method for delivering popular content responsive of a request by at least a user node from a storage located on a network path between the at least a user node in a second portion of the network and at least a content source in a first portion of the network, the method comprising: performing deep-packet-inspection (DPI) of packets containing content delivered over the network path and storing in a storage, content determined to be popular content.
 11. The method of claim 10, wherein the content is video content.
 12. The method of claim 10, wherein a source of the at least a content source providing content determined to be popular content is identified as a content source for which all packets are inspected for popular content.
 13. A method comprising: receiving at least a parameter regarding data type of a content; selecting data packets for inspection from a plurality of data packets transferring over a first portion of a network; performing deep-packet-inspection (DPI) on the selected data packets to determine based on the at least parameter if the data packets contain content of interest; increasing an identification counter respective of the data packets that contain content of interest; associating a count of the identification counter with a content source; performing a DPI on each packet of the plurality of data packets that comes from an indentified source; and storing content of the inspected each packet if the inspection determined that the content was a content of interest.
 14. The method of claim 13, wherein the selecting data packets for inspection comprises: selecting one out of a predefined portion of packets of packet flows from the traffic on a network.
 15. The method of claim 14, wherein determining the predefined portion comprises: using a hash function that accepts as an input the source address and destination address of packets.
 16. The method of claim 13, wherein a source of content is considered to be identified upon an identification count exceeding a predetermined threshold value.
 17. The method of claim 13, further comprises: decreasing the value of the identification counter if the count did not increase for a predefined period of time.
 18. The method of claim 13, wherein the content is video.
 19. The method of claim 13, wherein storing content occurs after inspection of the content of a received data packet from the second network by the DPI unit. 